Projective Hash Functions Research Articles

Sustainable and Round-Optimized Group Authenticated Key Exchange in Vehicle Communication

Vehicle authentication is an essential component validating the vehicle’s identity and ensuring the integrity of transformed data for intelligent transport vehicles (ITS) in the vehicular ad hoc network (VANET). Easy to deploy and operate privacy-enhancing vehicle authentication mechanisms are the mainstay for the widespread ITS in the VANET. Very recently, VANET security architectures are constituting by IEEE 1609.2 group, NoW project, the SeVeCom project. However, these approaches heavily depend on the consuming public key infrastructure (PKI) and certification authorities (CA). In this work, walking along the research line, we attempt to design authentication protocols with two diverse factors for Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) networks, respectively, without depending on the stumbling block PKI/CA. In addition, a smooth projective hash function (SPHF) (a.k.a., a special case of the designated-verifier zero-knowledge proof system) guarantees any recipient can confirm the authenticity and integrity of the received messages without knowing the authentication factors. Thus, to optimize the communication round, SPHF is used to design a (group) two-factor authenticated key exchange (AKE) with low-interactive communication rounds. The proof-of-concept implementation indicates that the computation and communication overheads introduced by our solution are acceptable in real-world deployments. The security of the proposed approach is validated using Bellare-Pointcheval-Rogaway (BPR) model along with the experimental evaluation and the theoretical analysis.

Smooth Projective Hash Function From Codes and its Applications

Nowadays, Smooth Projective Hash Functions (SPHFs) play an important role in constructing cryptographic tools such as secure Password-based Authenticated Key Exchange (PAKE) protocol in the standard model, oblivious transfer, and zero-knowledge proofs. Specifically, in this article, we focus on constructing PAKE protocol; that is, a kind of key exchange protocol which needs only a low entropy password to produce a cryptographically strong shared session key. In spite of relatively good progress of SPHFs in applications, it seems there has been little effort to build them upon quantum-resistant assumptions such as lattice-based cryptography and code-based cryptography to make them secure against quantum computer attacks. More precisely, there are two proposals based on lattice assumptions that utilize the SPHFs to construct PAKE secured in standard model. Considering quantum-resistant assumptions is less than straightforward and needs some relaxations. In this article, we introduce two new Approximate SPHF (ASPHFs) from error-correcting codes. Upon designing ASPHF, we can construct two efficient PAKE protocols. The security of our protocols could be proved based on the hardness of bounded decoding (BD) problem and learning with parity (LPN) problem in the standard model.

A tighter proof for CCA secure inner product functional encryption: Genericity meets efficiency

Inner product functional encryption (IPFE) is a primitive which produces, from a master secret key, decryption keys skk associated to vectors k over some specified base ring. Decrypting an encryption of vector m with skk only reveals 〈k,m〉. Benhamouda et al. [7] provided a generic construction for CCA-secure IPFE from projective hash functions (PHFs), unfortunately their security reduction suffers an exponential loss. Their only instantiation capable of decrypting inner products of large sizes, which relies on the decisional composite residuosity (DCR) assumption, is impractical due to the large size of ciphertexts, decryption keys, and the prohibitive speed of the scheme. Our core contribution is a new approach to proving CCA security. Our constructions maintain the genericity of [7], while our security proof relaxes the requirements on the underlying PHFs and gains in reduction tightness. We instantiate these constructions from the DCR assumption, an assumption in class groups (HSMCL) and the decision Diffie Hellman (DDH) assumption. Our CCA-secure constructions from DCR and HSMCL are the first such schemes to efficiently decrypt inner products of large size, improving by multiple orders of magnitude upon the work of [7]. A single-core C implementation of these schemes shows that, for a 112 bit security, and 100-dimensional vectors, their DCR-based scheme takes 1 h 20 min to encrypt, and over 5 min to decrypt, whereas our slowest scheme takes 5.2 s to encrypt and 0.5 s to decrypt. Similarly a ciphertext for their scheme is of 283 MB; those of our HSMCL-based scheme are of 30 kB.

Achieving One-Round Password-Based Authenticated Key Exchange over Lattices

<i>Password-based authenticated key exchange</i> (<inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq1-2939836.gif"/></alternatives></inline-formula>) protocol, a widely used authentication mechanism to realize secure communication, allows protocol participants to establish a high-entropy session key by pre-sharing a low-entropy password. An open challenge in <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq2-2939836.gif"/></alternatives></inline-formula> is how to design a quantum-resistant round-optimal <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq3-2939836.gif"/></alternatives></inline-formula>. To solve this challenge, lattice-based cryptography is a promising candidate for post-quantum cryptography. In addition, Katz and Vaikuntanathan (ASIACRYPT&#x2019;09) design the first <i>three-round</i> <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq4-2939836.gif"/></alternatives></inline-formula> protocol by leveraging the smooth projective hash function (<inline-formula><tex-math notation="LaTeX">$\mathsf {SPHF}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">SPHF</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq5-2939836.gif"/></alternatives></inline-formula>) over lattices. Subsequently, Zhang and Yu (AISACRYPT&#x2019;17) optimized Katz-Vaikuntanathan&#x2019;s approximate <inline-formula><tex-math notation="LaTeX">$\mathsf {SPHF}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">SPHF</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq6-2939836.gif"/></alternatives></inline-formula> via a splittable public key encryption. They then constructed a <i>two-round</i> <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq7-2939836.gif"/></alternatives></inline-formula> by using the simulation-sound non-interactive zero-knowledge (NIZK) proofs, but how to construct a lattice-based simulation-sound NIZK remains an open research question. In other words, how to design a one-round <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq8-2939836.gif"/></alternatives></inline-formula> via an efficient lattice-based <inline-formula><tex-math notation="LaTeX">$\mathsf {SPHF}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">SPHF</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq9-2939836.gif"/></alternatives></inline-formula> still remains a challenge. In this work, we attempt to fill this gap by proposing a lattice-based <inline-formula><tex-math notation="LaTeX">$\mathsf {SPHF}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">SPHF</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq10-2939836.gif"/></alternatives></inline-formula> with adaptive smoothness. We then obtain a <i>one-round</i> <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq11-2939836.gif"/></alternatives></inline-formula> protocol over lattices with rigorous security analysis by integrating the proposed <inline-formula><tex-math notation="LaTeX">$\mathsf {SPHF}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">SPHF</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq12-2939836.gif"/></alternatives></inline-formula> into the one-round framework proposed by Katz and Vaikuntananthan (TCC&#x2019;11). Furthermore, we explore the possibilities of achieving two-round <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq13-2939836.gif"/></alternatives></inline-formula> and universal composable (UC) security from our <inline-formula><tex-math notation="LaTeX">$\mathsf {SPHF}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">SPHF</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq14-2939836.gif"/></alternatives></inline-formula>, and show the potential application of our <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq15-2939836.gif"/></alternatives></inline-formula> in Internet of Things (IoTs) where communication cost is the main consideration.

Efficient Public Key Encryption With Outsourced Equality Test for Cloud-Based IoT Environments

Cloud-based Internet of Things (IoT) system is becoming a promising architecture in our modern society. However, cloud-based IoT system brings a number of challenges in the security aspect while improving the efficiency of data analytics. Especially, searching on encrypted data is challenging given today’s technology. Thus searchable encryption has emerged as one of the important research fields. Public key encryption with equality test (PKEET) provides a simple but useful mechanism to cryptographically protect data while keeping it available for equality test on ciphertexts. However, PKEET schemes in the literature are not suitable for cloud-based IoT system with privacy protection enhancement since the untrustworthy cloud server may be interested in query results by itself and hence reveal the private information of data owner out of the expectation of data user. Even worse, it could launch offline message recovery attack (OMRA) based on the returned query results. In this paper, we introduce a new notion of public key encryption with outsourced equality test (PKE-OET) for adapting to cloud-based IoT environments as well as providing a flexible solution to resist against OMRA without taking any information about entrusted parties as input in encryption. We formally define the security model of PKE-OET against three types of adversary including IND-CCA-I, IND-CCA-II and IND-CCA-III. We present a generic PKE-OET construction using a new variant of smooth projective hash function (SPHF) with a novel Lin-Hom property, which is of independent interest. Then we provide an efficient PKE-OET instantiation from Symmetric eXternal Diffie-Helllman (SXDH) assumption and show its practicality for cloud-based IoT environments through a series of experiments on Cloud Server and Raspberry Pi.

Designated-Verifier Anonymous Credential for Identity Management in Decentralized Systems

Most of the existing identity management is the centralized architecture that has to validate, certify, and manage identity in a centralized approach by trusted authorities. Decentralized identity is causing widespread public concern because it enables to give back control of identity to clients, and the client then has the ability to control when, where, and with whom they share their credentials. A decentralized solution atop on blockchain will bypass the centralized architecture and address the single point of the failure problem. To our knowledge, blockchain is an inherited pseudonym but it cannot achieve anonymity and auditability directly. In this paper, we approach the problem of decentralized identity management starting from the designated-verifier anonymous credential (DVAC in short). DVAC would assist to build a new practical decentralized identity management with anonymity and auditability. Apart from the advantages of the conventional anonymous credential, the main advantage of the proposed DVAC atop blockchain is that the issued cryptographic token will be divided into shares at the issue phase and will be combined at the showing credential phase. Further, the smooth projective hash function ( SPHF in short) is regarded as a designated-verifier zero-knowledge proof system. Thus, we introduce the SPHF to achieve the designated verifiability without compromising the privacy of clients. Finally, the security of the proposed DVAC is proved along with theoretical and experimental evaluations.

Achieving password-hashing scheme over lattices

Password-based authentication is the dominant form of access control and is likely to keep its status in the foreseeable future. Password authenticated key exchange (PAKE) protocols enable two parties to exchange a session key during password-based authentication over an insecure channel. To resist password compromise at the server-side, passwords are recommended to be stored in a salted hash form. However, conventional password hashing functions (e.g., PBKDF2, bcrypt, and scrypt) only support PAKE protocols based on specific number-theoretic assumptions, which can only be proved secure in the random oracle model, and the communication rounds are generally high. Furthermore, they demand a large memory size, i.e., the output is of length łinebreak 32 bytes. To address these issues, several password hashing schemes based on discrete-logarithm assumptions, e.g., Benhamouda and Pointceva (IACR ePrint2013/833), Kiefer and Manulis (ESORICS14), and Pointcheval and Wang (ASIACCS17), have been proposed to be integrated with a smooth projective hash function (SPHF), but they are not secure in the coming quantum era and only can be proved security in the random oracle model. In this work, we focus on the question of how to design an efficient password hashing scheme that can be integrated into quantum-resistant SPHF-based PAKE while being secure in the standard model (but not the random oracle model). Following the research line of Kiefer and Manulis (ESORICS14), we design three new types of lattice-based password hashing schemes based on homomorphic commitment schemes with provable security in the standard model. We show that they can be efficiently integrated with SPHFs to obtain low-interactive PAKE protocols. Although the proposed scheme is not ready to be deployed in practice, it is an important step for the quantum-resistant password-based authentication and authenticated key exchange.

Identity-Based Verifiable Aggregator Oblivious Encryption and Its Applications in Smart Grids

Verifiable aggregator oblivious encryption is a useful notion that not only allows an untrusted aggregator to compute aggregated data without learning any other information but also requires the aggregator to generate a proof of the aggregated data so that anyone can verify the accuracy. Since the aggregator does not learn data that may reveal users' private information and also cannot forge the aggregated data, verifiable aggregator oblivious encryption is suitable for privacy-preserving smart metering. However, NIST has recommended not using public-key-based cryptography in the smart grid because public-key cryptography cannot provide sufficient scalability. Thus, we propose a notion of identity-based verifiable aggregator oblivious encryption and design concrete schemes in this paper. We prove the aggregator oblivious security and aggregator unforgeability of our schemes via the smooth projective hash function and computational Diffie-Hellman assumption. Furthermore, based on our identity-based verifiable aggregator oblivious encryption scheme, we propose an identity-based data aggregation protocol for the smart grid and provide a security analysis in the context of seven typical attacks on smart grids. The implementation of our protocol via the Intel Edison platform shows that it is sufficiently lightweight for resource-constrained smart meters.

Quantum-Safe Round-Optimal Password Authentication for Mobile Devices

Password authentication is the dominant form of access control for the Web and mobile devices, and its practicality and ubiquity is unlikely to be replaced by other authentication approaches in the foreseeable future. To guarantee the security of data communication and mitigate the problem of password-cracking, a <i>Password Authenticated Key Exchange</i> (<inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq1-3040776.gif"/></alternatives></inline-formula>) system can be deployed between two peer participants. The main drawback of traditional <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq2-3040776.gif"/></alternatives></inline-formula> is that passwords are exposed in plaintext when the remote server is compromised. To overcome this limitation, it is recommended by industry standards (such as SRP family RFC 5054, RFC6628, RFC7914, OPAQUE, <i>etc</i>) to use <i>asymmetric</i>-<inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq3-3040776.gif"/></alternatives></inline-formula> protocols, which enable the server to store a hash of the user&#x0027;s password with a random salt, providing guarantees that the user&#x0027;s password is never transmitted in plain-text to the server when login. However, most of the existing <i>asymmetric</i>-<inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq4-3040776.gif"/></alternatives></inline-formula> protocols either are based on traditional hash functions under random oracles, or depend on non-quantum-secure hardness assumptions and become insecure in the quantum era. To bridge the gap between <i>asymmetric</i>-<inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq5-3040776.gif"/></alternatives></inline-formula> and quantum-security, in this article, we resort to <i>smooth projective hash functions</i> (<inline-formula><tex-math notation="LaTeX">$\mathsf {SPHF}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">SPHF</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq6-3040776.gif"/></alternatives></inline-formula>) and <i>commitment</i>-based <i>password-hashing schemes</i> (<inline-formula><tex-math notation="LaTeX">$\mathsf {PHS}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PHS</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq7-3040776.gif"/></alternatives></inline-formula>) over lattice-based cryptography, and construct an asymmetric <inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq8-3040776.gif"/></alternatives></inline-formula> protocol secure against quantum attacks. Our construction eliminates the costly non-interactive zero-knowledge (NIZK) method, bypasses assumptions of the random oracle model, and achieves quantum resistance. We also show that our asymmetric-<inline-formula><tex-math notation="LaTeX">$\mathsf {PAKE}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">PAKE</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq9-3040776.gif"/></alternatives></inline-formula> protocol can achieve security and efficiency under the Bellare-Pointcheval-Rogaway (BPR) model. Finally, we develop a prototype implementation of our instantiation and use it to evaluate its performance in realistic settings.

Practical CCA-Secure Functional Encryptions for Deterministic Functions

Functional encryption (FE) can implement fine-grained control to encrypted plaintext via permitting users to compute only some specified functions on the encrypted plaintext using private keys with respect to those functions. Recently, many FEs were put forward; nonetheless, most of them cannot resist chosen-ciphertext attacks (CCAs), especially for those in the secret-key settings. This changed with the work, i.e., a generic transformation of public-key functional encryption (PK-FE) from chosen-plaintext (CPA) to chosen-ciphertext (CCA), where the underlying schemes are required to have some special properties such as restricted delegation or verifiability features. However, examples for such underlying schemes with these features have not been found so far. Later, a CCA-secure functional encryption from projective hash functions was proposed, but their scheme only applies to inner product functions. To construct such a scheme, some nontrivial techniques will be needed. Our key contribution in this work is to propose CCA-secure functional encryptions in the PKE and SK environment, respectively. In the existing generic transformation from (adaptively) simulation-based CPA- (SIM-CPA-) secure ones for deterministic functions to (adaptively) simulation-based CCA- (SIM-CCA-) secure ones for randomized functions, whether the schemes were directly applied to CCA settings for deterministic functions is not implied. We give an affirmative answer and derive a SIM-CCA-secure scheme for deterministic functions by making some modifications on it. Again, based on this derived scheme, we also propose an (adaptively) indistinguishable CCA- (IND-CCA-) secure SK-FE for deterministic functions. The final results show that our scheme can be instantiated under both nonstandard assumptions (e.g., hard problems on multilinear maps and indistinguishability obfuscation (IO)) and under standard assumptions (e.g., DDH, RSA, LWE, and LPN).

Building Low-Interactivity Multifactor Authenticated Key Exchange for Industrial Internet of Things

Industrial Internet of Things (IIoT) brings together computers, devices, advanced analytics, and people in industries, such as transportation, oil plant, and power grid that leads to major efficiency and productivity gains for almost any industrial procedures. Due to the interconnection of devices in IIoT, communication security has become a critical issue to address in many emerging industry standards that require the authentication and key exchange procedure to be done to guarantee the authorized machine access (e.g., from users) and secure the data transmission between machines. To overcome the shortcoming (i.e., low entropy) of the memorable password in user authentication, it is rightfully recommended by industry standards (such as IEC-62443 family) to use multifactor authentication (MFA) for higher security levels. Notably, latency is one of the main sources of inefficiency when a device is communicating with other machines on IIoT. To mitigate latency, a smooth projective hash function (SPHF) built from well-studied standard assumptions is used to achieve a lowinteractivity multifactor authenticated key exchange protocol (MFAKE) because SPHF allows each party to prove to the others that he knows the right authentication factor(s). In this article, we are, therefore, motivated to build a new MFAKE named “secure remote multifactor (SRMF)” to achieve the humaninvolved “machine-to-machine” secure communication in IIoT. That is, SRMF leverages multiple user-centric authentication factors (such as password, biometric fingerprints, and PIN), and it can synergistically support multifactor registration (MFR), MFA, and multifactor key exchange (MFKE). Furthermore, to prevent authentication factors stored at the server exposing to attackers, the password-harden service (i.e., Pythia-PRF and USENIX'15) inspires us to develop a multifactor hardening service (MFHS) utilizing an oblivious pseudorandom function (OPRF). The balanced security of the proposed protocol is proved under the model of Bellare-Pointcheval-Rogaway (EUROCRYPTO'00) along with theoretical and experimental evaluations.

A New Framework of IND-CCA Secure Public Key Encryption with Keyword Search

AbstractIn the era of cloud computing, public key encryption with keyword search (PEKS) is an extremely useful cryptographic tool for searching on encryption data, whose strongest security notion is indistinguishability encryption against chosen ciphertext attack (ind-cca). Adballa et al. presented a transformation from identity based encryption (IBE) to PEKS in the Theory of Cryptography Conference 2010. This paper proposes a new framework of ind-cca secure PEKS in the standard model. Our main technical tool is a newly introduced notion of smooth projective hash function with key mapping, in which the hash key hk is mapped into another mapping projection key mhp besides the classical projection key hp. Finally, we provide an instantiation of our framework based on symmetric eXternal Diffie–Hellman assumption.

Post-Quantum Universal Composable OT Based on Key Exchange

We construct a universal composable framework for two-message oblivious transfer protocols based on lattice-assumption. Compared with the paper proposed by Liu and Hu, we modify a framework proposed by Liu and Hu by adding three tools, which are XOR, Bit Commitment and Smooth Projective Hash Function (SPHF). We instantiate Hash Function as SPHF, which can be more secure in practical application and can achieve full-simulatable in security proof. Compared with Hash Function used as Random Oracle in security proof, this construction is more secure and efficient in security proof. In particular, we mainly consider full-simulatable in simulation, which simulator can simulate any corruption cases. So we mainly consider non-adaptively malicious adversary in Oblivious Transfer protocols.

Plaintext-Verifiably-Checkable Encryption and Its Extension in Dual-Server Setting

Plaintext-checkable encryption (PCE), first introduced by Canard et al., allows users searching on encrypted data through plaintexts. It provides a useful primitive in the cloud computing security. However, existing PCE schemes could not guarantee verifiability to prevent from malicious adversaries. To concentrate with, we provide the notion of plaintext-verifiably-checkable encryption (PVCE). Our PVCE scheme could check that if a ciphertext is valid, even though it could pass the check procedure, to avoid malicious ciphertexts. Furthermore, we extend the work in dual-server setting, called dual-server plaintext-verifiably-checkable encryption (DS-PVCE), to resist offline message recover attack. We also give the security definition IND-CCA-FS, IND-CCA-BS and IND-CCA-BS-II in standard model for DS-PVCE and prove that DS-PVCE is secure under these security notions. Then we give constructions of PVCE and DS-PVCE from pairing-friendly smooth projective hash function (PF-SPHF) and their instantiations based on k-MDDH assumption. At the end of this paper, we provide implementation to compare existing PCE schemes and our schemes, which shows that DS-PVCE has very high check efficiency compared with other PCE schemes.

Password–Authenticated Group Key Establishment from Smooth Projective Hash Functions

Abstract Password-authenticated key exchange (PAKE) protocols allow users sharing a password to agree upon a high entropy secret. Thus, they can be implemented without complex infrastructures that typically involve public keys and certificates. In this paper, a provably secure password-authenticated protocol for group key establishment in the common reference string (CRS) model is presented. While prior constructions of the group (PAKE) can be found in the literature, most of them rely on idealized assumptions, which we do not make here. Furthermore, our protocol is quite efficient, as regardless of the number of involved participants it can be implemented with only three communication rounds. We use a (by now classical) trick of Burmester and Desmedt for deriving group key exchange protocols using a two-party construction as the main building block. In our case, the two-party PAKE used as a base is a one-round protocol by Katz and Vaikuntanathan, which in turn builds upon a special kind of smooth projective hash functions (KV-SPHFs). Smooth projective hash functions (SPHFs) were first introduced by Cramer and Shoup (2002) as a valuable cryptographic primitive for deriving provable secure encryption schemes. These functions and their variants proved useful in many other scenarios. We use here as a main tool a very strong type of SPHF, introduced by Katz and Vaikuntanathan for building a one-round password based two party key exchange protocol. As evidenced by Ben Hamouda et al. (2013), KV-SPHFs can be instantiated on Cramer–Shoup ciphertexts, thus yielding very efficient (and pairing free) constructions.

Revisiting post-quantum hash proof systems over lattices for Internet of Thing authentications

Internet of Things (IoT) has proved to be one of a success subset of cyber-physical systems, and it is receiving much attention among end-users associated with various applications. However, with the popularization of the IoT technologies, network attacks on the IoT environment are also increasing. To mitigate these security attacks, one of the candidates’ choice is quantum-resistant authentication, but the widely used authentication schemes are inadequate because they cannot prevent the quantum computer attacks. Lattices serving as an extremely promising foundation for post-quantum cryptography have emerged, and hash proof systems (HPS) over lattices have attracted the attention in the quantum-resistant authentication. Most existing HPS schemes over lattices can be used for authentications, but most of HPSs constructions depend on the strong security scheme that can prevent the indistinguishable chosen-ciphertext attacks (CCA) and focus on single-bit encryption, which seems unpractical in the IoT environments. An open problem is how to Integrate the vector (or multi-bit) versions of HPS over lattices into IoT environment for authentication with high efficiency. In this paper, to instantiate HPS over lattices and make it more practical for IoT, we follow the methodology from foremost schemes and introduce the smooth projective hash function (SPHF) which is a special of HPS. Then we relax the CCA-secure requirement and give two elegant instantiations of SPHF with rigorous INDCPA security for the open problem by optimizing two classic encryptions over lattices. The key point of the optimization is that we use a diverse public key which cascades multiple learning with errors (LWE) instances instead of a matrix of LWE insurance while we can bypass the coarse straightforward composition.

Verifier-based anonymous password-authenticated key exchange protocol in the standard model.

Anonymous password-authenticated key exchange (APAKE) allows a client to authenticate herself and to establish a secure session key with a remote server via only a low-entropy password, while keeping her actual identity anonymous to the third party as well as to the server. Since that APAKE protocol enjoys both the convenience of password authentication and the advantage of privacy protection, researchers have paid much attention to them. However, most of the existing APAKE protocols are designed in the symmetric setting which does not take into consideration the threat of password file leakage. To mitigate the damage of server compromise, we propose a verifier-based anonymous password-authenticated key exchange protocol, in which the server holds a verifier corresponding to each client instead of the clear password. The construction of our protocol is built on standard cryptographic primitives such public key encryption, smooth projective hash functions and password hashing schemes. The resulting protocol is proved secure in the standard model, i.e., without resorting to random oracles. Comparisons with other similar schemes show that our protocol guarantees stronger security while enjoys considerable efficiency in terms of computational cost.

Witness-based searchable encryption

We put forward a new cryptographic primitive called witness-based searchable encryption (WBSE), namely if w and x satisfy a witness relation, an encryption of (m, w) could be tested by a trapdoor of (m′, x) whether the keyword m′ is equal to m. The benefit of this primitive is to solve the challenging problem of keyword guessing attack in public-key searchable encryption. We construct a WBSE scheme in a generic way using smooth projective hash function (SPHF) as a building block and prove its WB-IND-CCA ciphertext security, WB-IND-TD trapdoor security and EUFT-CIA trapdoor unforgeability. Thanks to an efficient SPHF instantiation from Decisional Diffie–Hellman (DDH) assumption, we obtain an efficient WBSE instance without any pairing operation.

Practical witness encryption for algebraic languages or how to encrypt under Groth–Sahai proofs

Witness encryption (\(\mathsf{WE}\)) is a recent powerful encryption paradigm, which allows to encrypt a message using the description of a hard problem (a word in an \({\mathbf{NP}}\)-language) and someone who knows a solution to this problem (a witness) is able to efficiently decrypt the ciphertext. Recent work thereby focuses on constructing \(\mathsf{WE}\) for \({\mathbf{NP}}\) complete languages (and thus \({\mathbf{NP}}\)). While this rich expressiveness allows flexibility w.r.t. applications, it makes existing instantiations impractical. Thus, it is interesting to study practical variants of \(\mathsf{WE}\) schemes for subsets of \({\mathbf{NP}}\) that are still expressive enough for many cryptographic applications. We show that such \(\mathsf{WE}\) schemes can be generically constructed from smooth projective hash functions (\(\mathsf {SPHF}\)s). In terms of concrete instantiations of \(\mathsf {SPHF}\)s (and thus \(\mathsf{WE}\)), we target languages of statements proven in the popular Groth–Sahai (\(\mathsf {GS}\)) non-interactive witness-indistinguishable/zero-knowledge proof framework. This allows us to provide a novel way to encrypt. In particular, encryption is with respect to a \(\mathsf {GS}\) proof and efficient decryption can only be done by the respective prover. The so obtained constructions are entirely practical. To illustrate our techniques, we apply them in context of privacy-preserving exchange of information.

A Generic Scheme of plaintext-checkable database encryption

Database encryption is essential for cloud database systems. For a large database, decryption could take a lot of computational time. Therefore, verifying an encryption that contains a correct plaintext without decryption becomes significant for a large database system. Plaintext-checkable encryption (PCE) is a potential tool for such database systems, which is first proposed by Canard et al. in CT-RSA 2012. Although the generic PCE in the random oracle model has been studied intensively, the generic PCE in the standard model and its efficient implementation are still challenging problems. This paper presents the first generic PCE in the standard model using smooth projective hash function (SPHF) and prove its s-priv1-cca security, which is independent of current unlink security. Based on the instantiated SPHF from DDH assumption, we obtain the most efficient PCE in the standard model, without any pairing operation. Finally, we improve two existing generic constructions in the random oracle model so that they are secure under chosen ciphertext attack.